CVE-2024-43468: Microsoft Configuration Manager Remote Code Execution Vulnerability
Overview
- Severity
- Critical (CVSS 9.8)
- CVSS Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
- Category
- Remote Code Execution
- Exploit Status
- Not Exploited
- Exploitation Likelihood
- Less Likely
- Patch Tuesday
- 2024-Oct
- Released
- 2024-10-08
- EPSS Score
- 83.11% (percentile: 99.3%)
- CISA KEV
- Listed — due 2026-03-05
FAQ
How could an attacker exploit this vulnerability?
An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server and/or underlying database.
What actions do customers need to take to protect themselves from this vulnerability?
Customers using a version of Configuration Manager specified in the Security Updates table of this CVE need to install an in-console update to be protected. Guidance for how to install Configuration Manager in-console updates is available here: Install in-console updates for Configuration Manager.
Known Exploits (2)
- Microsoft Configuration Manager SQL Injection Vulnerability — added 2025-01-17T12:20:09Z
- Microsoft Configuration Manager SQL Injection Vulnerability — added 2024-11-26T12:39:44Z
Detection & Weaponization (1 sources)
Maturity: Exploit
- GitHub PoC: 2 repositories
Affected Products (3)
System Center
- Microsoft Configuration Manager 2303
- Microsoft Configuration Manager 2309
- Microsoft Configuration Manager 2403
Security Updates (1)
Acknowledgments
<a href="https://github.com/kalimer0x00">Mehdi Elyassa</a> with <a href="https://www.synacktiv.com/">Synacktiv</a>
Revision History
- 2024-10-08: Information published.